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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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earned patent term adjustment. See 37 CFR 1.704(b). 
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I) ^ Responsive to communication(s) filed on 19 July 2002 . 

2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1 935 CD. 1 1 , 453 O.G. 21 3. 
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4) E3 Claim(s) 1-41 is/are pending in the application. 
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5) D Claim(s) is/are allowed. 

6) I3 Claim(s) 1-41 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 
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9) Q The specification is objected to by the Examiner. 

10)13 The drawing(s) filed on 30 November 2001 is/are: a)l3 accepted or b)D objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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Attachment(s) 

1) ^ Notice of References Cited (PTO-892) 

2) [H Notice of Draftsperson's Patent Drawing Review (PTO-948) 

3) M Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 

Paper No(s)/Mail Date 11/30/01 . 



4) □ Interview Summary (PTO-413) 

Paper No(s)/Mail Date. . 

5) D Notice of Informal Patent Application (PTO-152) 

6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 0 



Application/Control Number: 09/998,484 
Art Unit: 2131 



Page 2 



DETAILED ACTION 

1. Claims 1-41 have been presented for examination. 

Information Disclosure Statement 

2. The information disclosure statement (IDS) submitted on 30 November 2001 is in 
compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure 
statement is being considered by the examiner. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S. C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 35 1(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1 (2) of such treaty in the English language. 

4. Claims 1, 21, and 41 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Patent No. 6,898,577 to Johnson, hereinafter Johnson. 

5. As per claims 1 and 21, Johnson teaches a method for providing security in password- 
based access to computer networks, the network including a server and a remote user, 
comprising the steps of: 

(a) signing a phrase by a security chip of the server using an encryption key (Figure 1 A 
[block S13A], column 6, lines 37-58, i.e. encrypting the customer's password); 

(b) associating the signed phrase with the remote user (Figure 1 A [blocks S13 A, S14A], 
column 6, line 37 to column 7, line 65, i.e. encrypted password is associated with customer's 

id); 
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(c) signing the phrase with an encryption key obtained by the security chip when a 
request for access to the computer network is received from the remote user (Figure IB [block 
S13B], column 7, lines 29-34); 

(d) comparing the phrase signed with the obtained encryption key with the signed phrase 
associated with the remote user (Figure IB [blocks S14B, S15B], column 7, lines 34-35, i.e. the 
two encrypted passwords are compared); and 

(e) granting access to the remote user if the phrase signed with the obtained encryption 
key is the same as the stored signed phrase associated with the remote user (Figure IB [block 
S17B], column 7, lines 35-65). Wherein the security chip is the processor of the bank server, the 
processor processes all processes executed on a system. 

6. As per claim 41, Johnson teaches a system, comprising: 

an encryption key associated with a remote user (Figure 1A [blocks S13A S14A], 
column 6, line 37 to column 7, line 65); 

a table, wherein the table stores a signed phrase associated with the remote user, wherein 
the stored signed phrase is signed with the encryption key associated with the remote user 
(Figure 1A [blocks S13A, S14A], column 6, line 37 to column 7, line 65, column 8, line 43 to 
column 9, line 33); and 

a security chip, wherein when the security chip receives a request for access to the system 
from the remote user, the security chip signs a phrase with the encryption key associated with the 
remote user (Figure IB [blocks S12B, S13B], column 7, lines 5-65), 

wherein the system compares the phrase signed with the encryption key associated with 
the remote user with the stored signed phrase associated with the remote user, wherein the 
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system grants access to requesting remote user if the phrase signed with the encryption key 
associated with the remote user is the same as the stored signed phrase associated with the 
remote user (Figure IB [blocks S14B, S15B, S17B], column 7, lines 34-65). 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

8. Claims 2-20 and 22-40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Johnson in view of U.S. 6,725,382 to Thompson et al., hereinafter Thompson. 

9. Regarding claims 2 and 22, Johnson does not discloses (al) creating a public key and a 
private key pair for the remote user by the security chip; and (a2) signing the phrase with the 
private key of the remote user by the security chip. 

10. Thompson teaches wherein signing step (a) comprises: 

(al) creating a public key and a private key pair for the remote user by the security chip 
(Figure 5 [block 466], column 6, lines 24-26); and 

(a2) signing the phrase with the private key of the remote user by the security chip (claim 

10). 

11. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to create a key pair for a remote user, and signing the phrase with the private key of 
the user, since Thompson states at column 2, lines 4-62 that such a modification would add a 
low-cost security feature to portable devices. 
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12. With regards to claims 3 and 23, Johnson discloses wherein the associating step (b) 
further comprises: 

(bl) storing the signed phrase associated with the remote user (Figure 1A [block S14A], 
column 3, lines 53-54, column 6, line 59 to column 7, line 4, column 8, line 43 to column 9, line 

33). 

13. Concerning claims 4 and 24, Johnson discloses wherein the signing (c) comprises: 
(cl) receiving a password from the remote user (Figure IB [blocks S12B], column 7, 

lines 5-65); 

(c2) sending the received password and the phrase to the security chip (Figure IB [blocks 
S12B, S13B], column 7, lines 5-65); 

(c4) signing the phrase with the loaded private key by the security chip (Figure IB [block 
S13B], column 7, lines 29-34). 

14. Thompson teaches (c3) loading the private key of the remote user (Figure 5 [block 466], 
column 6, lines 24-26, claim 10). 

15. Concerning claims 5 and 25, Johnson teaches wherein the comparing step (d) comprises: 
(dl) comparing the phrase signed with the loaded private key with the stored signed 

phrase associated with the remote user (Figure IB [blocks S14B, S15B], column 7, lines 34-35, 
i.e. the two encrypted passwords are compared). 
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16. Concerning claims 6 and 26, Johnson teaches wherein the granting step (e) comprises: 
(el) granting access to the remote user if the phrase signed with the loaded private key is 

the same as the stored signed phrase associated with the remote user (Figure IB [block S17B], 
column 7, lines 35-65). 

17. Regarding claims 7 and 27, Johnson discloses wherein the signing step (a) comprises: 
(al) signing a password for the remote user by the security chip (Figure IB [block S13B], 

column 7, lines 29-34). 

1 8. Johnson does not teach signing the password with a private key of the security chip. 

19. Thompson discloses signing the password with a private key of the security chip (Figure 
5 [block 466], column 6, lines 24-26, claim 10). 

20. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to create a key pair for a remote user, and signing the phrase with the private key of 
the user, since Thompson states at column 2, lines 4-62 that such a modification would add a 
low-cost security feature to portable devices. 

21. With regards to claims 8 and 28, Johnson teaches wherein the associating step (b) 
comprises: 

(bl) associating the signed password with the remote user (Figure 1A [blocks S13A 
S14A], column 6, line 37 to column 7, line 65); and 
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(b2) storing the signed password associated with the remote user (Figure 1 A [block 
S14A], column 3, lines 53-54, column 6, line 59 to column 7, line 4, column 8, line 43 to column 
9, line 33). 

22. Concerning claims 9 and 29, Johnson teaches wherein the signing step (c) comprises: 
(cl) receiving the password from the remote user (Figure IB [blocks S12B], column 7, 

lines 5-65); 

(c2) sending the received password to the security chip (Figure IB [blocks S12B, S13B], 
column 7, lines 5-65); 

(c4) signing the received password with the loaded private key by the security chip 
(Figure IB [block S13B], column 7, lines 29-34). 

23. Thompson teaches (c3) loading the private key of the remote user (Figure 5 [block 466], 
column 6, lines 24-26, claim 10). 

24. Concerning claims 10 and 30, Johnson discloses wherein the comparing step (d) 
comprises: 

(dl) comparing the signed received password with the stored signed password (Figure IB 
[blocks S14B, S15B], column 7, lines 34-35, i.e. the two encrypted passwords are compared). 

25. Concerning claims 1 1 and 31, Johnson teaches wherein the granting step (e) comprises: 
(el) granting access to the remote user if the signed received password is the same as the 

stored signed password (Figure IB [block S17B], column 7, lines 35-65). 
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26. Regarding claims 12 and 32, Johnson discloses wherein the signing step (a) comprises: 
(al) creating a blob for the remote user, wherein the blob comprises a password for the 

remote user signed with a key of the security chip (Figure 1 A [blocks S13A, S14A], column 6, 
line 37 to column 7, line 65, column 8, line 43to column 9, line 32). 

27. Johnson does not teach signing the password with a private key. 

28. Thompson teaches signing using a private key (Figure 5 [block 466], column 6, lines 24- 
26, claim 10). 

29. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to create a key pair for a remote user, and signing the phrase with the private key of 
the user, since Thompson states at column 2, lines 4-62 that such a modification would add a 
low-cost security feature to portable devices. 

30. With regards to claims 13 and 33, Johnson discloses wherein the associating step (b) 
comprises: 

(bl) associating the blob with the remote user (Figure 1A [blocks S13A, S14A], column 
6, line 37 to column 7, line 65); and 

(b2) storing the blob associated with the remote user (Figure 1 A [block S14A], column 3, 
lines 53-54, column 6, line 59 to column 7, line 4, column 8, line 43 to column 9, line 33). 

3 1 . Concerning claims 14 and 34, Johnson teaches wherein the signing step (c) comprises: 
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(cl) receiving the password from the remote user (Figure IB [blocks S12B], column 7, 
lines 5-65);); 

(c2) sending the received password and the blob associated with the remote user to the 
security chip (Figure IB [block S13B], column 7, lines 29-34). 

32. Thompson discloses (c3) decrypting the blob associated with the remote user using a 
public key of the security chip to obtain the stored password (Figure 5 [block 466], column 6, 
lines 24-26, claim 10). 

33. Concerning claims 15 and 35, Johnson teaches wherein the comparing step (d) 
comprises: 

(dl) comparing the stored password with the received password (Figure IB [blocks 
S14B, S15B], column 7, lines 34-35). 

34. Concerning claims 16 and 36, Johnson discloses wherein the granting step (e) comprises: 
(el) granting access to the remote user if the stored password is the same as the received 

password (Figure IB [block S17B], column 7, lines 35-65). 

35. Regarding claims 17 and 37, Johnson teaches (f) denying access to the remote user if the 
phrase signed with the obtained encryption key is the same as the stored signed phrase associated 
with the remote user (Figure IB [blocks S16B], column 7, lines 5-65). 
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36. As per claims 18 and 38, Johnson discloses a method for providing security in password- 
based access to computer networks, the network including a server and a remote user, 
comprising the steps of: 

(b) signing a phrase with the key of the remote user by the security chip (Figure 1 A 
[block S13A], column 6, lines 37-58); 

(c) associating the signed phrase with the remote user (Figure 1 A [blocks S13A S14A], 
column 6, line 37 to column 7, line 65); 

(c) storing the signed phrase associated with the remote user (Figure 1A [block S14A], 
column 3, lines 53-54, column 6, line 59 to column 7, line 4, column 8, line 43 to column 9, line 
33); 

(d) receiving a password from the remote user (Figure IB [blocks S12B], column 7, lines 

5-65); 

(e) sending the received password and the phrase to the security chip (Figure IB [blocks 
S12B, S13B], column 7, lines 5-65); 

(g) signing the phrase with the loaded key by the security chip (Figure IB [block S13B], 
column 7, lines 29-34); 

(h) comparing the phrase signed with the loaded private key with the stored signed phrase 
associated with the remote user (Figure IB [blocks S14B, S15B], column 7, lines 34-35); and 

(i) granting access to the remote user if the phrase signed with the loaded key is the same 
as the stored signed phrase associated with the remote user (Figure IB [block S17B], column 7, 
lines 35-65). 
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37. Johnson does not teach (a) creating a public key and a private key for the remote user by 
a security chip of the server; and (f) loading the private key of the remote user. 

38. Thompson discloses (a) creating a public key and a private key for the remote user by a 
security chip of the server (Figure 5 [block 466], column 6, lines 24-26); (f) loading the private 
key of the remote user (Figure 5 [block 466], column 6, lines 24-26, claim 10). 

39. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to create a key pair for a remote user, and signing the phrase with the private key of 
the user, since Thompson states at column 2, lines 4-62 that such a modification would add a 
low-cost security feature to portable devices. 

40. As per claims 19 and 39, Johnson teaches a method for providing security in password- 
based access to computer networks, the network including a server and a remote user, 
comprising the steps of: 

(a) signing a password for the remote user by a security chip of the server with a key of 
the security chip (Figure 1A [block S13A], column 6, lines 37-58); 

(b) associating the signed password with the remote user (Figure 1A [blocks S13A 
S14A], column 6, line 37 to column 7, line 65); 

(c) storing the signed password associated with the remote user (Figure 1A [block S14A], 
column 3, lines 53-54, column 6, line 59 to column 7, line 4, column 8, line 43 to column 9, line 
33); 

(d) receiving the password from the remote user (Figure IB [blocks S12B], column 7, 
lines 5-65); 
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(e) sending the received password to the security chip (Figure IB [blocks S12B, S13B], 
column 7, lines 5-65); 

(g) signing the received password with the loaded key by the security chip (Figure IB 
[block S13B], column 7, lines 29-34); 

(h) comparing the signed received password with the stored signed password (Figure IB 
[blocks S14B, S15B], column 7, lines 34-35); and 

(i) granting access to the remote user if the signed received password is the same as the 
stored signed password (Figure IB [block S17B], column 7, lines 35-65). 

41 . Johnson does not teach the use of private keys or loading the private key of the security 
chip. 

42. Thompson discloses the use of private keys and loading the private key of the remote 
user (Figure 5 [block 466], column 6, lines 24-26, claim 10). 

43. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to create a key pair for a remote user, and signing the phrase with the private key of 
the user, since Thompson states at column 2, lines 4-62 that such a modification would add a 
low-cost security feature to portable devices. 

44. As per claims 20 and 40, Johnson discloses a method for providing security in password- 
based access to computer networks, the network including a server and a remote user, 
comprising the steps of: 
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(a) creating a blob for the remote user, wherein the blob comprises a password for the 
remote user signed with a key of a security chip of the server (Figure 1 A [blocks S13A, S14A], 
column 6, line 37 to column 7, line 65, column 8, line 43to column 9, line 32); 

(b) associating the blob with the remote user (Figure 1A [blocks SI 3 A, S14A], column 6, 
line 37 to column 7, line 65); 

(c) storing the blob associated with the remote user (Figure 1 A [block S14A], column 3, 
lines 53-54, column 6, line 59 to column 7, line 4, column 8, line 43 to column 9, line 33); 

(d) receiving the password from the remote user (Figure IB [blocks S12B], column 7, 
lines 5-65); 

(e) sending the received password and the blob associated with the remote user to the 
security chip (Figure IB [blocks S12B, SOB], column 7, lines 5-65); 

(g) comparing the stored password with the received password (Figure IB [blocks S14B, 
S15B], column 7, lines 34-35); and 

(h) granting access to the remote user if the stored password is the same as the received 
password (Figure IB [block S17B], column 7, lines 35-65). 

45. Johnson does not teach using a private key to sign the password, and decrypting the blob 
associated with the remote user using a public key of the security chip to obtain the stored 
password. 

46. Thompson teaches signing using a private key (Figure 5 [block 466], column 6, lines 24- 
26, claim 10); and 

(f) decrypting the blob associated with the remote user using a public key of the security 
chip to obtain the stored password (Figure 5 [block 466], column 6, lines 24-26, claim 10). 
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47. It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to create a key pair for a remote user, and signing the phrase with the private key of 
the user, since Thompson states at column 2, lines 4-62 that such a modification would add a 
low-cost security feature to portable devices. 

Claim Objections 

48. Claims 6 and 26 are objected to because of the following informalities: The preamble 
recites "step (h)," where there is no previously mentioned step (h). For the sake of examination, 
the Examiner will interpret Claim 6 as referring to step (e). 

49. Claims 18 and 38 are objected to because of the following informalities: The limitation 
recites two "step (g)." For the sake of examination, the Examiner will interpret the second step 
(g) as step (i). 

50. Appropriate correction is required. 

Conclusion 

5 1 . The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

52. The following patents are cited to further show the state of the art with respect to 
password authentication, such as: 

United States Patent Application Publication No. 2003/0074566 to Hypponen, which is 
cited to show encrypting data using a cryptographic key derivable from or accessed using a 
passphrase. 

United States Patent No. 5,774,650 to Chapman et al., which is cited to show controlling 
the access of a plurality of users to a computer system. 
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United States Patent No. 5,884,3 12 to Dustan et al., which is cited to show securely 
accessing information from disparate data sources through a network. 

United States Patent No. 6,064,736 to Davis et al., which is cited to show an encrypted 
session for additional password verification. 

United States Patent No. 5,719,941 to Swift et al., which is cited to show changing 
passwords on a remote computer. 

53. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christian La Forgia whose telephone number is (571) 272-3792. 
The examiner can normally be reached on Monday thru Thursday 7-5. 

54. If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

55. Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Christian LaForgia 
Patent Examiner 
Art Unit 2131 
elf 




